11 lines
1.2 KiB
Plaintext
11 lines
1.2 KiB
Plaintext
crossorigin
|
|
|
|
This enumerated attribute indicates if the fetching of the related image must be done using CORS or not. CORS-enabled resources can be reused in the <canvas> element without being tainted. The allowed values are:
|
|
|
|
anonymous
|
|
A cross-origin request (i.e. with Origin: HTTP header) is performed. But no credential is sent (i.e. no cookie, no X.509 certificate and no HTTP Basic authentication is sent). If the server does not give credentials to the origin site (by not setting the Access-Control-Allow-Origin: HTTP header), the image will be tainted and its usage restricted..
|
|
|
|
use-credentials
|
|
A cross-origin request (i.e. with Origin: HTTP header) is performed with credential is sent (i.e. a cookie, a certificate and HTTP Basic authentication is performed). If the server does not give credentials to the origin site (through Access-Control-Allow-Credentials: HTTP header), the image will be tainted and its usage restricted.
|
|
|
|
When not present, the resource is fetched without a CORS request (i.e. without sending the Origin: HTTP header), preventing its non-tainted used in <canvas> elements. If invalid, it is handled as if the enumerated keyword anonymous was used. See CORS settings attributes for additional information. |